Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Watching the Watchers
Matthew Tanase, 2005-04-18

Misuse of database information by insiders happens everyday, and there's little we can do about it.

Comments Mode:
Watching the Watchers 2005-04-18
Anonymous
protecting customer data... http://directorblue.blogspot.com/2005/04/protecting-customer
-data-part-ii.html

...

[ more ]  [ reply ]
Watching the Watchers 2005-04-19
BeauKey
Yes, you and I have to watch. Technically it is correct that more detailed audit trails etc. will not provide information of misuse of (authorisation to) data.
Many times there is circumstantial evidence which proove someone is out of line. One method is a variant on the honeypot. Use, when subscri...

[ more ]  [ reply ]
Watching the Watchers 2005-04-19
Anonymous
it's impossible to use any kinf of technical solutions to solve this problem
organizational solutions, are also, IMHO, unfeasible (i.e. having 2 or more people needed to access some resources)
I think only legal consequences can be an safeguard for such cases.
Of course, not all of such incidents...

[ more ]  [ reply ]
Watching the Watchers 2005-04-19
Anonymous (1 replies)
Technology (new hammers) will not solve our ethical dilemmas.

We are not teaching our children right and wrong. Love your neighbor as yourself! Would you want your server probed by others? We need to educate our children that scanning, probing and hacking other's servers is equivilant to wal...

[ more ]  [ reply ]
Watching the Watchers 2005-04-20
Anonymous
No, scanning is not like trying all the doors in a neighborhood. Scanning is like driving in a car down a sub-division street and noting who has litghts on and who doesn't.

Actually trying to exploit some known weakness, or find a new one on a given service is like trying all the doors in the sam...

[ more ]  [ reply ]
Watching the Watchers 2005-04-19
Anonymous
And what is wrong with being a paranoid security pseudo-professional linguist? Nothing!...

[ more ]  [ reply ]
Watching the Watchers 2005-04-20
LoneD (2 replies)
There are two problems really.

The first is the overpower of IT stuff. For example, if you are a sysadmin of your company file server - what (technically- I do not consider ethics now) will prevent you from viewing your co-workers data? File audit, you say. But if you are proffesional SA you obvi...

[ more ]  [ reply ]
Watching the Watchers 2005-04-20
Anonymous (1 replies)
Just to be picky: When you quote someone you should give them credit.

"Sed quis custodiet ispos custodes?"
Satires, VI, line 347
JUVENAL, C. 100 C.E....

[ more ]  [ reply ]
Watching the Watchers 2005-04-22
Roger
Grammatici latini sunt nimis elegantis!...

[ more ]  [ reply ]
Watching the Watchers: Matching the Matchers 2005-04-20
Anonymous
>overpower of IT stuff. For example, if you are a sysadmin...

Dear Come F. On!

I really sorry to burst your bubble: worst of people working in IT are more decent then best marketing guys.

Case in point: recently, just for my own private fun, I clicked on phishing e-mail. I dutifully filled ...

[ more ]  [ reply ]
Watching the Watchers 2005-04-20
Homer Simpson
``But who is watching the watchers?''

``I dunno, Coast Guard?'' --Homer Simpson...

[ more ]  [ reply ]
Watching the Watchers 2005-04-21
Anonymous
There is also a third group of people familiar with the phrase: avid Dan Brown readers from "Digital Fortress"...

[ more ]  [ reply ]
Watching the Watchers 2005-04-22
Doug Sibley
"I fear that the security business is rapidly becoming just that - a business where mitigating threats is based on ROI, which means that defending against such attacks just isn't feasible for most organizations."

Great! It is about time that security was applied based on risk -- we have limited r...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus